This report contains detail for the following vulnerabilities:
| CVE Issued by | Tag | CVE ID | CVE Title |
|---|---|---|---|
| Microsoft | .NET | CVE-2025-21173 | .NET Elevation of Privilege Vulnerability |
| Microsoft | .NET | CVE-2025-21171 | .NET Remote Code Execution Vulnerability |
| Microsoft | .NET and Visual Studio | CVE-2025-21172 | .NET and Visual Studio Remote Code Execution Vulnerability |
| Microsoft | .NET, .NET Framework, Visual Studio | CVE-2025-21176 | .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability |
| Microsoft | Active Directory Domain Services | CVE-2025-21293 | Active Directory Domain Services Elevation of Privilege Vulnerability |
| Microsoft | Active Directory Federation Services | CVE-2025-21193 | Active Directory Federation Server Spoofing Vulnerability |
| Microsoft | Azure AI Face Service | CVE-2025-21415 | Azure AI Face Service Elevation of Privilege Vulnerability |
| Microsoft | Azure Marketplace SaaS Resources | CVE-2025-21380 | Azure Marketplace SaaS Resources Information Disclosure Vulnerability |
| Microsoft | BranchCache | CVE-2025-21296 | BranchCache Remote Code Execution Vulnerability |
| Microsoft | Internet Explorer | CVE-2025-21326 | Internet Explorer Remote Code Execution Vulnerability |
| Microsoft | IP Helper | CVE-2025-21231 | IP Helper Denial of Service Vulnerability |
| Microsoft | Line Printer Daemon Service (LPD) | CVE-2025-21224 | Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability |
| Microsoft | Microsoft Account | CVE-2025-21396 | Microsoft Account Elevation of Privilege Vulnerability |
| Microsoft | Microsoft AutoUpdate (MAU) | CVE-2025-21360 | Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Azure Gateway Manager | CVE-2025-21403 | On-Premises Data Gateway Information Disclosure Vulnerability |
| Microsoft | Microsoft Brokering File System | CVE-2025-21315 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Brokering File System | CVE-2025-21372 | Microsoft Brokering File System Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Digest Authentication | CVE-2025-21294 | Microsoft Digest Authentication Remote Code Execution Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0762 | Chromium: CVE-2025-0762 Use after free in DevTools |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0291 | Chromium: CVE-2025-0291 Type Confusion in V8 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0442 | Chromium: CVE-2025-0442 Inappropriate implementation in Payments |
| Microsoft | Microsoft Edge (Chromium-based) | CVE-2025-21262 | Microsoft Edge (Chromium-based) Spoofing Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0437 | Chromium: CVE-2025-0437 Out of bounds read in Metrics |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0435 | Chromium: CVE-2025-0435 Inappropriate implementation in Navigation |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0434 | Chromium: CVE-2025-0434 Out of bounds memory access in V8 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0611 | Chromium: CVE-2025-0612 Out of bounds memory access in V8 |
| Microsoft | Microsoft Edge (Chromium-based) | CVE-2025-21185 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0440 | Chromium: CVE-2025-0440 Inappropriate implementation in Fullscreen |
| Microsoft | Microsoft Edge (Chromium-based) | CVE-2025-21399 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0436 | Chromium: CVE-2025-0436 Integer overflow in Skia |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0438 | Chromium: CVE-2025-0438 Stack buffer overflow in Tracing |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0439 | Chromium: CVE-2025-0439 Race in Frames |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0612 | Chromium: CVE-2025-0611 Object corruption in V8 |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0441 | Chromium: CVE-2025-0441 Inappropriate implementation in Fenced Frames |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0443 | Chromium: CVE-2025-0443 Insufficient data validation in Extensions |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0446 | Chromium: CVE-2025-0446 Inappropriate implementation in Extensions |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0448 | Chromium: CVE-2025-0448 Inappropriate implementation in Compositing |
| Chrome | Microsoft Edge (Chromium-based) | CVE-2025-0447 | Chromium: CVE-2025-0447 Inappropriate implementation in Navigation |
| Microsoft | Microsoft Graphics Component | CVE-2025-21382 | Windows Graphics Component Elevation of Privilege Vulnerability |
| Microsoft | Microsoft Office | CVE-2025-21365 | Microsoft Office Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office | CVE-2025-21346 | Microsoft Office Security Feature Bypass Vulnerability |
| Microsoft | Microsoft Office Access | CVE-2025-21186 | Microsoft Access Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Access | CVE-2025-21366 | Microsoft Access Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Access | CVE-2025-21395 | Microsoft Access Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2025-21364 | Microsoft Excel Security Feature Bypass Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2025-21354 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Excel | CVE-2025-21362 | Microsoft Excel Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office OneNote | CVE-2025-21402 | Microsoft Office OneNote Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Outlook | CVE-2025-21357 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Outlook for Mac | CVE-2025-21361 | Microsoft Outlook Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2025-21393 | Microsoft SharePoint Server Spoofing Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2025-21344 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office SharePoint | CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Visio | CVE-2025-21345 | Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Visio | CVE-2025-21356 | Microsoft Office Visio Remote Code Execution Vulnerability |
| Microsoft | Microsoft Office Word | CVE-2025-21363 | Microsoft Word Remote Code Execution Vulnerability |
| Microsoft | Microsoft Purview | CVE-2025-21385 | Microsoft Purview Information Disclosure Vulnerability |
| Microsoft | Microsoft Windows Search Component | CVE-2025-21292 | Windows Search Service Elevation of Privilege Vulnerability |
| Microsoft | Power Automate | CVE-2025-21187 | Microsoft Power Automate Remote Code Execution Vulnerability |
| Microsoft | Reliable Multicast Transport Driver (RMCAST) | CVE-2025-21307 | Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
| Microsoft | Visual Studio | CVE-2025-21405 | Visual Studio Elevation of Privilege Vulnerability |
| Microsoft | Visual Studio | CVE-2025-21178 | Visual Studio Remote Code Execution Vulnerability |
| GitHub | Visual Studio | CVE-2024-50338 | GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager |
| Microsoft | Windows BitLocker | CVE-2025-21214 | Windows BitLocker Information Disclosure Vulnerability |
| Microsoft | Windows BitLocker | CVE-2025-21213 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Boot Loader | CVE-2025-21211 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Boot Manager | CVE-2025-21215 | Secure Boot Security Feature Bypass Vulnerability |
| Microsoft | Windows Client-Side Caching (CSC) Service | CVE-2025-21374 | Windows CSC Service Information Disclosure Vulnerability |
| Microsoft | Windows Client-Side Caching (CSC) Service | CVE-2025-21378 | Windows CSC Service Elevation of Privilege Vulnerability |
| Microsoft | Windows Cloud Files Mini Filter Driver | CVE-2025-21271 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
| Microsoft | Windows COM | CVE-2025-21281 | Microsoft COM for Windows Elevation of Privilege Vulnerability |
| Microsoft | Windows COM | CVE-2025-21272 | Windows COM Server Information Disclosure Vulnerability |
| Microsoft | Windows COM | CVE-2025-21288 | Windows COM Server Information Disclosure Vulnerability |
| Microsoft | Windows Connected Devices Platform Service | CVE-2025-21207 | Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability |
| Microsoft | Windows Cryptographic Services | CVE-2025-21336 | Windows Cryptographic Information Disclosure Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21261 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21229 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21232 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21327 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21226 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21263 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21227 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21228 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21260 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21310 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21258 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21256 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21324 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21265 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21341 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21255 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Digital Media | CVE-2025-21249 | Windows Digital Media Elevation of Privilege Vulnerability |
| Microsoft | Windows Direct Show | CVE-2025-21291 | Windows Direct Show Remote Code Execution Vulnerability |
| Microsoft | Windows DWM Core Library | CVE-2025-21304 | Microsoft DWM Core Library Elevation of Privilege Vulnerability |
| Microsoft | Windows Event Tracing | CVE-2025-21274 | Windows Event Tracing Denial of Service Vulnerability |
| Microsoft | Windows Geolocation Service | CVE-2025-21301 | Windows Geolocation Service Information Disclosure Vulnerability |
| Microsoft | Windows Hello | CVE-2025-21340 | Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability |
| Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21335 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21334 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Microsoft | Windows Hyper-V NT Kernel Integration VSP | CVE-2025-21333 | Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability |
| Microsoft | Windows Installer | CVE-2025-21331 | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft | Windows Installer | CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability |
| Microsoft | Windows Installer | CVE-2025-21287 | Windows Installer Elevation of Privilege Vulnerability |
| Microsoft | Windows Kerberos | CVE-2025-21218 | Windows Kerberos Denial of Service Vulnerability |
| Microsoft | Windows Kerberos | CVE-2025-21242 | Windows Kerberos Information Disclosure Vulnerability |
| Microsoft | Windows Kerberos | CVE-2025-21299 | Windows Kerberos Security Feature Bypass Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21317 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21316 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21318 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21323 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21319 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21320 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows Kernel Memory | CVE-2025-21321 | Windows Kernel Memory Information Disclosure Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21332 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21189 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21276 | Windows MapUrlToZone Denial of Service Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21329 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21268 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21269 | Windows HTML Platforms Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21328 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows MapUrlToZone | CVE-2025-21219 | MapUrlToZone Security Feature Bypass Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21285 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21270 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21277 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21290 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21289 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21220 | Microsoft Message Queuing Information Disclosure Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21251 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows Message Queuing | CVE-2025-21230 | Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability |
| Microsoft | Windows NTLM | CVE-2025-21217 | Windows NTLM Spoofing Vulnerability |
| Microsoft | Windows NTLM | CVE-2025-21311 | Windows NTLM V1 Elevation of Privilege Vulnerability |
| Microsoft | Windows OLE | CVE-2025-21298 | Windows OLE Remote Code Execution Vulnerability |
| Microsoft | Windows PrintWorkflowUserSvc | CVE-2025-21235 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Microsoft | Windows PrintWorkflowUserSvc | CVE-2025-21234 | Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability |
| Microsoft | Windows Recovery Environment Agent | CVE-2025-21202 | Windows Recovery Environment Agent Elevation of Privilege Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2025-21309 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2025-21297 | Windows Remote Desktop Services Remote Code Execution Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2025-21225 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2025-21330 | Windows Remote Desktop Services Denial of Service Vulnerability |
| Microsoft | Windows Remote Desktop Services | CVE-2025-21278 | Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability |
| CERT CC | Windows Secure Boot | CVE-2024-7344 | Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass |
| Microsoft | Windows Secure Kernel Mode | CVE-2025-21325 | Windows Secure Kernel Mode Elevation of Privilege Vulnerability |
| Microsoft | Windows Security Account Manager | CVE-2025-21313 | Windows Security Account Manager (SAM) Denial of Service Vulnerability |
| Microsoft | Windows Smart Card | CVE-2025-21312 | Windows Smart Card Reader Information Disclosure Vulnerability |
| Microsoft | Windows SmartScreen | CVE-2025-21314 | Windows SmartScreen Spoofing Vulnerability |
| Microsoft | Windows SPNEGO Extended Negotiation | CVE-2025-21295 | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21237 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21236 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21286 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21273 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21233 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21266 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21417 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21250 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21240 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21238 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21223 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21409 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21245 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21413 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21411 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21246 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21239 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21306 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21243 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21244 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21303 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21302 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21339 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21248 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21282 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21305 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21241 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Telephony Service | CVE-2025-21252 | Windows Telephony Service Remote Code Execution Vulnerability |
| Microsoft | Windows Themes | CVE-2025-21308 | Windows Themes Spoofing Vulnerability |
| Microsoft | Windows UPnP Device Host | CVE-2025-21300 | Windows upnphost.dll Denial of Service Vulnerability |
| Microsoft | Windows UPnP Device Host | CVE-2025-21389 | Windows upnphost.dll Denial of Service Vulnerability |
| Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21210 | Windows BitLocker Information Disclosure Vulnerability |
| Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21284 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
| Microsoft | Windows Virtual Trusted Platform Module | CVE-2025-21280 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability |
| Microsoft | Windows Virtualization-Based Security (VBS) Enclave | CVE-2025-21370 | Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability |
| Microsoft | Windows Web Threat Defense User Service | CVE-2025-21343 | Windows Web Threat Defense User Service Information Disclosure Vulnerability |
| Microsoft | Windows Win32K - GRFX | CVE-2025-21338 | GDI+ Remote Code Execution Vulnerability |
| Microsoft | Windows WLAN Auto Config Service | CVE-2025-21257 | Windows WLAN AutoConfig Service Information Disclosure Vulnerability |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-50338
MITRE NVD Issuing CNA: GitHub |
CVE Title: GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
Weakness: CWE-20 : Improper Input Validation CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:6,4
Executive Summary: None FAQ: Why is this GitHub CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is secrets or privileged information belonging to the user of the affected application. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-50338 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7,4 Temporal: 6,4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7,4 Temporal: 6,4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7,4 Temporal: 6,4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7,4 Temporal: 6,4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7,4 Temporal: 6,4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 7,4 Temporal: 6,4 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2024-50338 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21411
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21411 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21411 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21413
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21413 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21413 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21210
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows BitLocker Information Disclosure Vulnerability
Weakness: CWE-636 : Not Failing Securely ('Failing Open') CVSS: CVSS:3.1 Highest BaseScore:4,2/TemporalScore:3,7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of unencrypted hibernation images in cleartext. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an attacker needs repeated physical access to the victim machine's hard disk. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21210 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21210 | Maxim Suhanov with CICADA8 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21214
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows BitLocker Information Disclosure Vulnerability
Weakness: CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor CVSS: CVSS:3.1 Highest BaseScore:4,2/TemporalScore:3,7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Bitlocker Key. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts by swapping virtual hard disks. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21214 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 4,2 Temporal: 3,7 Vector: CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21214 | Maxim Suhanov with CICADA8 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21215
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:4,6/TemporalScore:4
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then trigger an event that could exploit the vulnerability and save an invalid state to a database or trigger other unintended actions. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 1.1    29/01/2025     In the Security Updates table, corrected the Impact to Security Feature Bypass. This is an informational change only. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21215 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Security Feature Bypass | 5048710 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Security Feature Bypass | 5048710 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Security Feature Bypass | 5048710 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Security Feature Bypass | 5048710 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Security Feature Bypass | 5048695 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Security Feature Bypass | 5048695 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21215 | Maxim Suhanov with CICADA8 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21233
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21233 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21233 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21234
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Weakness: CWE-20 : Improper Input Validation CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21234 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21234 | Jongseong Kim (nevul37) with Ajou University & ENKI WhiteHat |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21235
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Weakness: CWE-20 : Improper Input Validation CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker could use this vulnerability to elevate privileges from a Low Integrity Level in a contained ("sandboxed") execution environment to a Medium Integrity Level. Please refer to AppContainer isolation and Mandatory Integrity Control for more information. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21235 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21235 | Jongseong Kim (nevul37) with Ajou University & ENKI WhiteHat |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21236
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21236 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21236 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21237
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 1.1    29/01/2025     Updated information to include CVSS scores. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21237 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21237 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21239
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21239 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21239 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21241
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21241 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21241 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21242
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Information Disclosure Vulnerability
Weakness: CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor CVSS: CVSS:3.1 Highest BaseScore:5,9/TemporalScore:5,2
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is Kernel memory read - unintentional read access to memory contents in kernel space from a user mode process. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21242 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21242 | Asna Farooqui |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21243
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-190 : Integer Overflow or Wraparound CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21243 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21243 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21244
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-190 : Integer Overflow or Wraparound CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21244 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21244 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21248
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21248 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21248 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21249
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21249 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21249 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21251
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21251 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21251 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21252
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21252 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21252 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21255
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21255 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21255 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21257
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows WLAN AutoConfig Service Information Disclosure Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21257 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21257 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21258
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21258 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21258 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21260
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21260 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21260 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21263
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21263 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21263 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21265
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB device. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21265 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21265 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21266
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21266 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21266 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21268
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
Weakness: CWE-41 : Improper Resolution of Path Equivalence CVSS: CVSS:3.1 Highest BaseScore:4,3/TemporalScore:3,9
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21268 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21268 | George Hughey |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21269
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows HTML Platforms Security Feature Bypass Vulnerability
Weakness: CWE-41 : Improper Resolution of Path Equivalence CVSS: CVSS:3.1 Highest BaseScore:4,3/TemporalScore:3,8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. What kind of security feature could be bypassed by successfully exploiting this vulnerability? A security feature bypass vulnerability exists when the MSHTML platform fails to validate the correct Security Zone of requests for specific URLs. This could allow an attacker to cause a user to access a URL in a less restricted Internet Security Zone than intended. To exploit this vulnerability, an attacker could email or otherwise provide a specially crafted URL to a victim and convince them to click on it. The security update addresses the vulnerability by correcting security feature behavior to properly map affected URLs to the correct Security Zone. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21269 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21269 | George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21270
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21270 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21270 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21271
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Weakness: CWE-126 : Buffer Over-read CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21271 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21271 | RanchoIce |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21272
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows COM Server Information Disclosure Vulnerability
Weakness: CWE-908 : Use of Uninitialized Resource CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could get unauthorized access to sensitive user data outside of the AppContainer execution environment. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21272 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21272 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21277
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Weakness: CWE-126 : Buffer Over-read CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21277 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21277 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21280
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtual Trusted Platform Module Denial of Service Vulnerability
Weakness: CWE-20 : Improper Input Validation CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? A successful exploitation of this vulnerability via a medium integrity level exploit could allow an attacker to gain unauthorized access to system-level resources, potentially modify kernel memory, and execute arbitrary code with kernel-level privileges. This could lead to a full compromise of the system’s integrity, confidentiality, and availability. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21280 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21280 | HongZhenhao with TianGong Team of Legendsec at Qi'anxin Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21281
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft COM for Windows Elevation of Privilege Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21281 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21281 | Zhang WangJunJie, He YiSheng with Hillstone Network Security Research Institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21282
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21282 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21282 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21284
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtual Trusted Platform Module Denial of Service Vulnerability
Weakness: CWE-20 : Improper Input Validation CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. According to the CVSS metric, successful exploitation of this vulnerability could lead to a total loss of availability (A:H). What does that mean for this vulnerability? If an attacker was able to successfully exploit the vulnerability the attack might result in a total loss of availability. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21284 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21284 | HongZhenhao with TianGong Team of Legendsec at Qi'anxin Group |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21285
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Weakness: CWE-476 : NULL Pointer Dereference CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21285 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21285 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21288
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows COM Server Information Disclosure Vulnerability
Weakness: CWE-908 : Use of Uninitialized Resource CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21288 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21288 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21289
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21289 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21289 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21290
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21290 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21290 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21291
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Direct Show Remote Code Execution Vulnerability
Weakness: CWE-415 : Double Free CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires an authenticated client to click a link in order for an unauthenticated attacker to initiate remote code execution. How could an attacker exploit the vulnerability? An attacker could exploit the vulnerability by controlling subsequent memory allocation after a double free error occurs. This could potentially allow the attacker to execute arbitrary code, leading to remote code execution. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21291 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21291 | Mozilla |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21293
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Active Directory Domain Services Elevation of Privilege Vulnerability
Weakness: CWE-284 : Improper Access Control CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21293 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21293 | Sebastian Sadeq Birke with ReTest Security ApS |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21294
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Digest Authentication Remote Code Execution Vulnerability
Weakness: CWE-591 : Sensitive Data Storage in Improperly Locked Memory CVSS: CVSS:3.1 Highest BaseScore:8,1/TemporalScore:7,1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system which requires digest authentication, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21294 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21294 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21295
MITRE NVD Issuing CNA: Microsoft |
CVE Title: SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:8,1/TemporalScore:7,1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to manipulate system operations in a specific manner. How could an attacker exploit the vulnerability? An attacker who successfully exploits this vulnerability could achieve remote code execution without user interaction. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21295 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21295 | Yuki Chen |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21296
MITRE NVD Issuing CNA: Microsoft |
CVE Title: BranchCache Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS score, the attack vector is adjacent (AV:A). What does this mean for this vulnerability? This attack is limited to systems connected to the same network segment as the attacker. The attack cannot be performed across multiple networks (for example, a WAN) and would be limited to systems on the same network switch or virtual network. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21296 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21296 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21297
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:8,1/TemporalScore:7,1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21297 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21297 | VictorV(Tang tianwen) with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21298
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows OLE Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:8,5
Executive Summary: None FAQ: How could an attacker exploit the vulnerability? In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted email to the victim. Exploitation of the vulnerability might involve either a victim opening a specially crafted email with an affected version of Microsoft Outlook software, or a victim's Outlook application displaying a preview of a specially crafted email . This could result in the attacker executing remote code on the victim's machine. What is OLE? Object Linking and Embedding (OLE) is a technology that allows embedding and linking to documents and other objects. For more information please visit: Object Linking and Embedding (OLE) Data Structures. Mitigations: None Workarounds: Use Microsoft Outlook to reduce the risk of users opening RTF Files from unknown or untrusted sources To help protect against this vulnerability, we recommend users read email messages in plain text format. For guidance on how to configure Microsoft Outlook to read all standard mail in plain text, please refer to Read email messages in plain text. Impact of workaround: Email messages that are viewed in plain text format will not contain pictures, specialized fonts, animations, or other rich content. In addition, the following behavior may be experienced:
Revision: 1.0    14/01/2025     Information published. 1.1    22/01/2025     Corrected one or more links in the FAQ. This is an informational change only. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21298 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21298 | Jmini, Rotiple, D4m0n with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21299
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Security Feature Bypass Vulnerability
Weakness: CWE-922 : Insecure Storage of Sensitive Information CVSS: CVSS:3.1 Highest BaseScore:7,1/TemporalScore:6,2
Executive Summary: None FAQ: Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Windows Defender Credential Guard Feature to leak Kerberos Credential. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21299 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21299 | Ceri Coburn with NetSPI |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21301
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Geolocation Service Information Disclosure Vulnerability
Weakness: CWE-284 : Improper Access Control CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21301 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21301 | André Schoorl and Bruno Pereira Vidal Bruno Pereira Vidal |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21302
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21302 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21302 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21303
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21303 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21303 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21304
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft DWM Core Library Elevation of Privilege Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could an attacker gain with a successful exploitation? An attacker who successfully exploited this vulnerability could gain unauthorized access to system resources, potentially allowing them to perform actions with the same privileges as the compromised process. This could lead to further system compromise and unauthorized actions within the network. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21304 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21304 | Varun Goel |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21306
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21306 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21306 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21309
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Remote Code Execution Vulnerability
Weakness: CWE-591 : Sensitive Data Storage in Improperly Locked Memory CVSS: CVSS:3.1 Highest BaseScore:8,1/TemporalScore:7,1
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. How could an attacker exploit this vulnerability? An attacker could successfully exploit this vulnerability by connecting to a system with the Remote Desktop Gateway role, triggering the race condition to create a use-after-free scenario, and then leveraging this to execute arbitrary code. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21309 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21309 | VictorV(Tang tianwen) with Kunlun Lab k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21314
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows SmartScreen Spoofing Vulnerability
Weakness: CWE-451 : User Interface (UI) Misrepresentation of Critical Information CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker would have to send the victim a malicious file that the victim would have to execute. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21314 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Spoofing | 5048653 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21314 | Haifei Li with Check Point Research Eric Lawrence with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21315
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code at a higher integrity level than that of the AppContainer execution environment. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21315 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21315 | hazard |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21316
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
Weakness: CWE-532 : Insertion of Sensitive Information into Log File CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. **Are there any further steps I need to take to be protected from this vulnerability? Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See ADV990001 | Latest Servicing Stack Updates for the applicable Servicing Stack Update for your operating system version. Customers whose systems are configured to receive automatic updates do not need to take any further action. Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order? SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21316 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21316 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21318
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
Weakness: CWE-532 : Insertion of Sensitive Information into Log File CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21318 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21318 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21319
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
Weakness: CWE-532 : Insertion of Sensitive Information into Log File CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. **Are there any further steps I need to take to be protected from this vulnerability? Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See ADV990001 | Latest Servicing Stack Updates for the applicable Servicing Stack Update for your operating system version. Customers whose systems are configured to receive automatic updates do not need to take any further action. Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order? SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21319 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21319 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21320
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
Weakness: CWE-532 : Insertion of Sensitive Information into Log File CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. **Are there any further steps I need to take to be protected from this vulnerability? Customers running Windows Server 2016 or older, or Windows 10 version 1607 or older MUST install both the Servicing Stack Update (SSU) and the Security Update for that version to be fully protected from this vulnerability. See ADV990001 | Latest Servicing Stack Updates for the applicable Servicing Stack Update for your operating system version. Customers whose systems are configured to receive automatic updates do not need to take any further action. Do I need to install the Servicing Stack Update and the January 2025 Security Update in any particular order? SSUs should always be installed before any new update for Windows, including the latest cumulative update (LCU), Monthly Rollup, or Security Update. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21320 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21320 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21321
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
Weakness: CWE-532 : Insertion of Sensitive Information into Log File CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21321 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21321 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21327
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21327 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21327 | Adel and Benjamin Rodes |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21176
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
Weakness: CWE-126 : Buffer Over-read CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21176 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 8.0 installed on Linux | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 8.0 installed on Mac OS | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 8.0 installed on Windows | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| .NET 9.0 installed on Mac OS | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| .NET 9.0 installed on Windows | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for 32-bit Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows 10 Version 1809 for x64-based Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.7.2 on Windows Server 2019 (Server Core installation) | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for 32-bit Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 1809 for x64-based Systems | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for 32-bit Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for ARM64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 21H2 for x64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for 32-bit Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for ARM64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows 10 Version 22H2 for x64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | 5050182 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2022 (Server Core installation) | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems | 5050416 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems | 5050188 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems | 5049624 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for ARM64-based Systems | 5049622 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 24H2 for x64-based Systems | 5049622 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation) | 5050187 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation) | 5049620 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.1.09294.01 | Maybe | None |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050186 (Monthly Rollup) 5050181 (Security Only) |
Important | Remote Code Execution | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 4.7.04126.02 |
Maybe | None | |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.7.04126.01 | Maybe | None |
| Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Microsoft .NET Framework 4.6/4.6.2 on Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for 32-bit Systems | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows 10 Version 1607 for x64-based Systems | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 4.8.04775.02 |
Maybe | None | |
| Microsoft .NET Framework 4.8 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050183 (Monthly Rollup) 5050180 (Security Only) |
Important | Remote Code Execution | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 4.8.04775.02 |
Maybe | None | |
| Microsoft .NET Framework 4.8 on Windows Server 2012 | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2012 (Server Core installation) | 5050184 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2012 R2 | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2012 R2 (Server Core installation) | 5050185 (Monthly Rollup) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2016 | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft .NET Framework 4.8 on Windows Server 2016 (Server Core installation) | 5049614 (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.8.04775.01 | Maybe | None |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21176 | goodbyeselene |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21178
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Remote Code Execution Vulnerability
Weakness: CWE-122 CWE-125 : Heap-based Buffer Overflow Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21178 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21178 | goodbyeselene |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21173
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Elevation of Privilege Vulnerability
Weakness: CWE-379 : Creation of Temporary File in Directory with Insecure Permissions CVSS: CVSS:3.1 Highest BaseScore:7,3/TemporalScore:6,4
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that a user trigger the payload in the application. According to the CVSS metric, user interaction is required (UI:R) and privileges required is low (PR:L). What does that mean for this vulnerability? An authorized attacker with standard user privileges could place a malicious file and then wait for the privileged victim to run the calling command. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21173 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 8.0 installed on Linux | 5050525 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21173 | Noah Gilson with Microsoft Daniel Plaisted with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21341
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21341 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21341 | Adel and Benjamin Rodes |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
| CVE-2025-21344
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
Weakness: CWE-20 : Improper Input Validation CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,1
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21344 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002672 (Security Update) 5002671 (Security Update) |
Important | Remote Code Execution | 5002659 5002544 |
Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002666 (Security Update) 5002667 (Security Update) |
Important | Remote Code Execution | 5002657 5002664 |
Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.10416.20041 | Maybe | None |
| Microsoft SharePoint Server Subscription Edition | 5002676 (Security Update) | Important | Remote Code Execution | 5002658 | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.17928.20356 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21344 | zcgonvh |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21345
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21345 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21345 | c0d3nh4ck with Zscaler's ThreatLabz |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21346
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Security Feature Bypass Vulnerability
Weakness: CWE-693 : Protection Mechanism Failure CVSS: CVSS:3.1 Highest BaseScore:7,1/TemporalScore:6,2
Executive Summary: None FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploits this vulnerability could bypass Windows Defender Application Control (WDAC) enforcement. This could lead to the ability to run unauthorized applications on target systems. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21346 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2016 (32-bit edition) | 5002675 (Security Update) 5002595 (Security Update) |
Important | Security Feature Bypass | 5002661 5002197 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 16.0.5483.1000 |
Maybe | None |
| Microsoft Office 2016 (64-bit edition) | 5002675 (Security Update) 5002595 (Security Update) |
Important | Security Feature Bypass | 5002661 5002197 |
Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 16.0.5483.1000 |
Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,1 Temporal: 6,2 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21346 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21348
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Remote Code Execution Vulnerability
Weakness: CWE-285 : Improper Authorization CVSS: CVSS:3.1 Highest BaseScore:7,2/TemporalScore:6,3
Executive Summary: None FAQ: There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. According to the CVSS metric, privileges required is high (PR:H). What does that mean for this vulnerability? An authenticated attacker with Site Owner permissions can use the vulnerability to inject arbitrary code and execute this code in the context of SharePoint Server. How could an attacker exploit the vulnerability? An authenticated attacker with Site Owner permissions or higher could upload a specially crafted file to the targeted SharePoint Server and craft specialized API requests to trigger deserialization of file's parameters. This would enable the attacker to perform remote code execution in the context of the SharePoint Server. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21348 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002672 (Security Update) 5002671 (Security Update) |
Important | Remote Code Execution | 5002659 5002544 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002666 (Security Update) 5002667 (Security Update) |
Important | Remote Code Execution | 5002657 5002664 |
Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10416.20041 | Maybe | None |
| Microsoft SharePoint Server Subscription Edition | 5002676 (Security Update) | Important | Remote Code Execution | 5002658 | Base: 7,2 Temporal: 6,3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.17928.20356 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21348 | zcgonvh |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21354
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Weakness: CWE-822 : Untrusted Pointer Dereference CVSS: CVSS:3.1 Highest BaseScore:8,4/TemporalScore:7,3
Executive Summary: None FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 1.1    14/01/2025     Updated one or more CVSS scores for the affected products. This is an informational change only. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21354 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.93.25011212 | Yes | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.93.25011212 | Yes | None |
| Office Online Server | 5002677 (Security Update) | Critical | Remote Code Execution | 5002648 | Base: 8,4 Temporal: 7,3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.10416.20047 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21354 | boolgombear Jmini |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21356
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Visio Remote Code Execution Vulnerability
Weakness: CWE-843 CWE-122 : Access of Resource Using Incompatible Type ('Type Confusion') Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21356 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21356 | Li Shuang and willJ with Vulnerability Research Institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21357
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
Weakness: CWE-908 : Use of Uninitialized Resource CVSS: CVSS:3.1 Highest BaseScore:6,7/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H) and privileges required are low (PR:L). What does that mean for this vulnerability? An attacker must gain access to the victim user's Microsoft Outlook account by compromising or stealing their login credential and then install a malicious form prior to exploiting the vulnerability successfully. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? A user needs to be tricked into opening malicious files. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21357 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Outlook 2016 (32-bit edition) | 5002656 (Security Update) | Important | Remote Code Execution | 5002626 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1000 | Maybe | None |
| Microsoft Outlook 2016 (64-bit edition) | 5002656 (Security Update) | Important | Remote Code Execution | 5002626 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1000 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21357 | Arnold Osipov with Morphisec Michael Gorelik with Morphisec SeungYun LEE with bObffice (BOB13th) JunHyuk Im with bObffice (BOB13th) Kiyeon Jeong with bObffice (BOB13th) JongGeon KIM with bObffice (BOB13th) Jeongmin Choi with bObffice (BOB13th) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
| CVE-2025-21362
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:8,4/TemporalScore:7,7
Executive Summary: None FAQ: Is the Preview Pane an attack vector for this vulnerability? Yes, the Preview Pane is an attack vector. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 1.1    14/01/2025     Updated one or more CVSS scores for the affected products. This is an informational change only. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21362 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Excel 2016 (32-bit edition) | 5002673 (Security Update) | Critical | Remote Code Execution | 5002660 | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Excel 2016 (64-bit edition) | 5002673 (Security Update) | Critical | Remote Code Execution | 5002660 | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Critical | Remote Code Execution | None | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
| Office Online Server | 5002677 (Security Update) | Critical | Remote Code Execution | 5002648 | Base: 8,4 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RC:C |
16.0.10416.20047 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21362 | 0x140ce(Peace & Love) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
| CVE-2025-21363
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Word Remote Code Execution Vulnerability
Weakness: CWE-822 : Untrusted Pointer Dereference CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,1
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21363 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21363 | Jmini, Rotiple, D4m0n with Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21364
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Excel Security Feature Bypass Vulnerability
Weakness: CWE-502 : Deserialization of Untrusted Data CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Office macro policies used to block untrusted or malicious files. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21364 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Security Feature Bypass | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21364 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21365
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office Remote Code Execution Vulnerability
Weakness: CWE-426 : Untrusted Search Path CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21365 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21365 | Seungyun LEE with bObffice(BOB 13th) Jeongmin Choi with bObffice(BOB 13th) Junhyuk IM with bObffice(BOB 13th) JongGeon KIM with bObffice(BOB 13th) Kiyeon Jeong with bObffice(BOB 13th) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21366
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Access Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. How does the update protect against this vulnerability? The update blocks potentially malicious extensions from being sent in an email. Which types of extensions are blocked? The following extensions which will be blocked:
Is there any notification indicating an email contained a blocked extension? The email recipient will get a notification that there was an attachment but it cannot be accessed. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21366 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Access 2016 (32-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Access 2016 (64-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21366 | Unpatched.ai |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21382
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Graphics Component Elevation of Privilege Vulnerability
Weakness: CWE-190 CWE-122 : Integer Overflow or Wraparound Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21382 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21382 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21219
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
Weakness: CWE-41 : Improper Resolution of Path Equivalence CVSS: CVSS:3.1 Highest BaseScore:4,3/TemporalScore:3,8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21219 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21219 | George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2024-7344
MITRE NVD Issuing CNA: CERT CC |
CVE Title: Cert CC: CVE-2024-7344 Howyar Taiwan Secure Boot Bypass
Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:6,7/TemporalScore:5,8
Executive Summary: This CVE was assigned by CERT CC. The purpose of this document is to attest to the fact that the products listed in the Security Updates table have been updated to protect against this vulnerability. FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 1.1    29/01/2025     In the CVE header, added the overall Severity and Impact information. This is an informational change only. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2024-7344 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6,7 Temporal: 5,8 Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2024-7344 | Martin Smolar, ESET |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21389
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows upnphost.dll Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21389 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21389 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21393
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft SharePoint Server Spoofing Vulnerability
Weakness: CWE-79 : Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CVSS: CVSS:3.1 Highest BaseScore:6,3/TemporalScore:5,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability could lead to some loss of integrity (I:L)? What does that mean for this vulnerability? Integrity is impacted as XSS allows an attacker to add their malicious script to fetch victim's sensitive info or to change DOM execution. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to the target site as at least a Site Member. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. There are multiple update packages available for some of the affected software. Do I need to install all the updates listed in the Security Updates table for the software? Yes. Customers should apply all updates offered for the software installed on their systems. If multiple updates apply, they can be installed in any order. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21393 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft SharePoint Enterprise Server 2016 | 5002672 (Security Update) 5002671 (Security Update) |
Important | Spoofing | 5002659 5002544 |
Base: 6,3 Temporal: 5,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft SharePoint Server 2019 | 5002666 (Security Update) 5002667 (Security Update) |
Important | Spoofing | 5002657 5002664 |
Base: 6,3 Temporal: 5,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.10416.20041 | Maybe | None |
| Microsoft SharePoint Server Subscription Edition | 5002676 (Security Update) | Important | Spoofing | 5002658 | Base: 6,3 Temporal: 5,5 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:N/E:U/RL:O/RC:C |
16.0.17928.20356 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21393 | Felix Boulet |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21395
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Access Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. How does the update protect against this vulnerability? The update blocks potentially malicious extensions from being sent in an email. Which types of extensions are blocked? The following extensions which will be blocked:
Is there any notification indicating an email contained a blocked extension? The email recipient will get a notification that there was an attachment but it cannot be accessed. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21395 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Access 2016 (32-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Access 2016 (64-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21395 | Unpatched.ai |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
| CVE-2025-21403
MITRE NVD Issuing CNA: Microsoft |
CVE Title: On-Premises Data Gateway Information Disclosure Vulnerability
Weakness: CWE-863 : Incorrect Authorization CVSS: CVSS:3.1 Highest BaseScore:6,4/TemporalScore:5,9
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the data contained in the targeted PowerBI dashboard. The scope of PowerBI data which could be accessed is dependent on the privileges of compromised user. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, user interaction is required (UI:R). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires the victim user to login or authenticate to the target environment. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? The attacker must be authenticated to be able to exploit this vulnerability. What actions do customers need to take to protect themselves from this vulnerability? Only customers who have configured a SAP HANA data source to use single sign-on (SSO) are affected and must update their On-Premises Data Gateway to protect against this vulnerability. More information regarding SSO for On-Premises Data Gateways can be found here: Overview of single sign-on for on-premises data gateways in Power BI Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21403 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| On-Premises Data Gateway | Release Notes (Security Update) | Important | Information Disclosure | None | Base: 6,4 Temporal: 5,9 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N/E:U/RC:C |
3000.246 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21403 | Kian Gorgichuk Kian Gorgichuk |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21217
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows NTLM Spoofing Vulnerability
Weakness: CWE-693 : Protection Mechanism Failure CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21217 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Spoofing | 5048703 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Spoofing | 5048703 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Spoofing | 5048710 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Spoofing | 5048695 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Spoofing | 5048695 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Spoofing | 5048699 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Spoofing | 5048699 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Spoofing | 5048735 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Spoofing | 5048735 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Spoofing | 5048653 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21217 | George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21405
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Visual Studio Elevation of Privilege Vulnerability
Weakness: CWE-284 : Improper Access Control CVSS: CVSS:3.1 Highest BaseScore:7,3/TemporalScore:6,4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21405 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21405 | Polar Penguin ycdxsb |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21278
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Weakness: CWE-362 : Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CVSS: CVSS:3.1 Highest BaseScore:6,2/TemporalScore:5,4
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21278 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6,2 Temporal: 5,4 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21278 | Anonymous SkorikARI VictorV(Tang tianwen) with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21329
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
Weakness: CWE-41 : Improper Resolution of Path Equivalence CVSS: CVSS:3.1 Highest BaseScore:4,3/TemporalScore:3,8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21329 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21329 | George Hughey with MSRC Vulnerabilities & Mitigations George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21328
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
Weakness: CWE-41 : Improper Resolution of Path Equivalence CVSS: CVSS:3.1 Highest BaseScore:4,3/TemporalScore:3,8
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21328 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21328 | George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21330
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Services Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21330 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21330 | ʌ!ↄ⊥ojv with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21220
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing Information Disclosure Vulnerability
Weakness: CWE-908 : Use of Uninitialized Resource CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21220 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21220 | Bastian Kanbach with SSE - Secure Systems Engineering GmbH |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21335
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Does this vulnerability exist in the Hyper-V server? No, the Hyper-V NT Kernel Integration Virtual Service Provider (VSP) is a component used for communications between the host OS and container-type VMs, such as Windows Sandbox and Microsoft Defender Application Guard (MDAG). It is not in a traditional Hyper-V VM environment. Whereas traditional Hyper-V VMs have a strong boundary between the host and the guest for isolation purposes, container-type VMs like MDAG simulate that they are running on the host. The Hyper-V NT Kernel Integration VSP driver has functionality that enables this simulation. Microsoft strongly recommends updating to the latest version of Windows to be protected against this vulnerability. Is this a guest to host type of vulnerability? No, this is a local elevation of privilege, not any type of guest to host escape. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 1.1    15/01/2025     Added FAQ information. This is an informational change only. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21335 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21335 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0291
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0291 Type Confusion in V8
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0291 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
131.0.2903.147 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0291 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0442
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0442 Inappropriate implementation in Payments
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0442 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0442 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0440
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0440 Inappropriate implementation in Fullscreen
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0440 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0440 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0437
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0437 Out of bounds read in Metrics
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0437 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0437 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0435
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0435 Inappropriate implementation in Navigation
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0435 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0435 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0434
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0434 Out of bounds memory access in V8
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0434 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0434 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21415
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure AI Face Service Elevation of Privilege Vulnerability
Weakness: CWE-290 : Authentication Bypass by Spoofing CVSS: CVSS:3.1 Highest BaseScore:9,9/TemporalScore:8,9
Executive Summary: Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Mitigations: None Workarounds: None Revision: 1.0    29/01/2025     Information published. |
Critical | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21415 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Azure AI Face Service | Critical | Elevation of Privilege | None | Base: 9,9 Temporal: 8,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2025-21415 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21193
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Active Directory Federation Server Spoofing Vulnerability
Weakness: CWE-352 : Cross-Site Request Forgery (CSRF) CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? In a web-based attack scenario, an attacker could host a website or server that contains a specially crafted file that is designed to exploit the vulnerability. However, an attacker would have no way to force the user to visit the website. Instead, an attacker would have to convince the user to click a link, typically by way of an enticement in an email or Instant Messenger message, and then convince the user to open the specially crafted file. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21193 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2016 | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Spoofing | 5048653 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21193 | Adrien Scholler with Holiseum |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21207
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21207 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21207 | CSIRT MON Eduardo Berlanga (seqode) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21202
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Recovery Environment Agent Elevation of Privilege Vulnerability
Weakness: CWE-284 : Improper Access Control CVSS: CVSS:3.1 Highest BaseScore:6,1/TemporalScore:5,3
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is physical (AV:P). What does that mean for this vulnerability? To exploit this vulnerability, an attacker needs physical access to the victim's machine. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21202 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,1 Temporal: 5,3 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21202 | Maxim Suhanov with CICADA8 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| CVE-2025-21187
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Power Automate Remote Code Execution Vulnerability
Weakness: CWE-94 : Improper Control of Generation of Code ('Code Injection') CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. How do I get the updated app? Users of version 2.51 will be notified about the availability of updated version 2.51.349.24355 or version 2.52, which will include the fix to address this vulnerability. Users running versions between 2.46 and 2.50 who do not wish to update to a higher version please refer to the following FAQ for update information and download links. How can I check if the update is installed? Refer to the following table for the fixed build version that addresses this vulnerability.
Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21187 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Power Automate for Desktop | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.52.62.25009 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21187 | Tobias Diehl with Umpqua Bank |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21186
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Access Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. How does the update protect against this vulnerability? The update blocks potentially malicious extensions from being sent in an email. Which types of extensions are blocked? The following extensions which will be blocked:
Is there any notification indicating an email contained a blocked extension? The email recipient will get a notification that there was an attachment but it cannot be accessed. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21186 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft 365 Apps for Enterprise for 32-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft 365 Apps for Enterprise for 64-bit Systems | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Access 2016 (32-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Access 2016 (64-bit edition) | 5002670 (Security Update) | Important | Remote Code Execution | 5002641 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.5483.1001 | Maybe | None |
| Microsoft Office 2019 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office 2019 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2021 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 32-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| Microsoft Office LTSC 2024 for 64-bit editions | Click to Run (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
https://aka.ms/OfficeSecurityReleases | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21186 | Unpatched.ai |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21211
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-693 : Protection Mechanism Failure CVSS: CVSS:3.1 Highest BaseScore:6,8/TemporalScore:5,9
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21211 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 6,8 Temporal: 5,9 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21211 | Zammis Clark |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21213
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Secure Boot Security Feature Bypass Vulnerability
Weakness: CWE-284 : Improper Access Control CVSS: CVSS:3.1 Highest BaseScore:4,6/TemporalScore:4
Executive Summary: None FAQ: What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could bypass Secure Boot. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21213 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Security Feature Bypass | 5048699 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Security Feature Bypass | 5048735 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,6 Temporal: 4 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21213 | Zammis Clark |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21224
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability
Weakness: CWE-591 CWE-416 : Sensitive Data Storage in Improperly Locked Memory Use After Free CVSS: CVSS:3.1 Highest BaseScore:8,1/TemporalScore:7,1
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could send a specially crafted print task to a shared vulnerable Windows Line Printer Daemon (LPD) service across a network. Successful exploitation could result in remote code execution on the server. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: The following mitigating factors might be helpful in your situation:
Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21224 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,1 Temporal: 7,1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21224 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21225
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability
Weakness: CWE-843 : Access of Resource Using Incompatible Type ('Type Confusion') CVSS: CVSS:3.1 Highest BaseScore:5,9/TemporalScore:5,2
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. Mitigations: None Workarounds: None Revision: 1.1    14/01/2025     Updated acknowledgment. This is an informational change only. 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21225 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,9 Temporal: 5,2 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21225 | ʌ!ↄ⊥ojv with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21226
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21226 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21226 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21227
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB device. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21227 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21227 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21228
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB device. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21228 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21228 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21229
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21229 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21229 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21230
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability
Weakness: CWE-20 CWE-400 : Improper Input Validation Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS). Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21230 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21230 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21231
MITRE NVD Issuing CNA: Microsoft |
CVE Title: IP Helper Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N). How could an attacker exploit this vulnerability? As an authenticated user, the attacker could send a specially crafted string of data over the network, causing the application to crash. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21231 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21231 | Azure Yang with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21232
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21232 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21232 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21256
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 CWE-122 : Out-of-bounds Read Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21256 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21256 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21261
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21261 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21261 | Zhihua Wen with CyberKunLun |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21189
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
Weakness: CWE-41 : Improper Resolution of Path Equivalence CVSS: CVSS:3.1 Highest BaseScore:4,3/TemporalScore:3,9
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of the vulnerability requires that a user open a specially crafted file.
An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file. What kind of security feature could be bypassed by successfully exploiting this vulnerability? An attacker who successfully exploited the vulnerability could bypass the MapURLToZone method. The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21189 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,9 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21189 | George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21273
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21273 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21273 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21274
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Event Tracing Denial of Service Vulnerability
Weakness: CWE-59 : Improper Link Resolution Before File Access ('Link Following') CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21274 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21274 | Filip Dragović |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21275
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows App Package Installer Elevation of Privilege Vulnerability
Weakness: CWE-285 : Improper Authorization CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21275 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21275 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21276
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows MapUrlToZone Denial of Service Vulnerability
Weakness: CWE-191 CWE-693 : Integer Underflow (Wrap or Wraparound) Protection Mechanism Failure CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, successful exploitation of this vulnerability has a high impact on availability (A:H). What does that mean for this vulnerability? An attacker can send specially crafted packets which could affect availability of the service and result in Denial of Service (DoS). The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21276 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Denial of Service | 5048699 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Denial of Service | 5048699 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048735 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Denial of Service | 5048735 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21276 | George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21286
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21286 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21286 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21287
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
Weakness: CWE-269 : Improper Privilege Management CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,2
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21287 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 7,2 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21287 | JaGoTu with DCIT, a.s. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21292
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Search Service Elevation of Privilege Vulnerability
Weakness: CWE-94 : Improper Control of Generation of Code ('Code Injection') CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation More Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21292 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21292 | Microsoft Offensive Research & Security Engineering |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21300
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows upnphost.dll Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: None Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21300 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Denial of Service | 5048703 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Denial of Service | 5048652 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Denial of Service | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Denial of Service | 5048710 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Denial of Service | 5048695 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21300 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21305
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21305 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21305 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21307
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:8,5
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could exploit the vulnerability by sending specially crafted packets to a Windows Pragmatic General Multicast (PGM) open socket on the server, without any interaction from the user. Mitigations: The following mitigating factors might be helpful in your situation: This vulnerability is only exploitable only if there is a program listening on a Pragmatic General Multicast (PGM) port. If PGM is installed or enabled but no programs are actively listening as a receiver, then this vulnerability is not exploitable. PGM does not authenticate requests so it is recommended to protect access to any open ports at the network level (e.g. with a firewall). It is not recommended to expose a PGM receiver to the public internet. Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Critical | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21307 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Critical | Remote Code Execution | 5048703 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Critical | Remote Code Execution | 5048652 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Critical | Remote Code Execution | 5048685 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Critical | Remote Code Execution | 5048710 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Critical | Remote Code Execution | 5048695 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Critical | Remote Code Execution | 5048699 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Critical | Remote Code Execution | 5048735 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Critical | Remote Code Execution | 5048671 | Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Critical | Remote Code Execution | 5048661 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Critical | Remote Code Execution | 5048654 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Remote Code Execution | 5048653 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Remote Code Execution | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21307 | Kyle Westhaus with Microsoft Offensive Research & Security Engineering (MORSE) |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21308
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Themes Spoofing Vulnerability
Weakness: CWE-200 : Exposure of Sensitive Information to an Unauthorized Actor CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker would have to convince the user to load a malicious file onto a vulnerable system, typically by way of an enticement in an Email or Instant Messenger message, and then convince the user to manipulate the specially crafted file, but not necessarily click or open the malicious file. Mitigations: Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation:
References:
Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Spoofing | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | Yes | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21308 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Spoofing | 5048703 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Spoofing | 5048703 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Spoofing | 5048652 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Spoofing | 5048685 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Spoofing | 5048699 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Spoofing | 5048699 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Spoofing | 5048735 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Spoofing | 5048735 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Spoofing | 5048671 | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Spoofing | 5048661 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Spoofing | 5048654 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Spoofing | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21308 | Blaz Satler with 0patch by ACROS Security |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21310
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21310 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21310 | Adel and Benjamin Rodes |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21312
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Smart Card Reader Information Disclosure Vulnerability
Weakness: CWE-908 : Use of Uninitialized Resource CVSS: CVSS:3.1 Highest BaseScore:2,4/TemporalScore:2,1
Executive Summary: None FAQ: According to the CVSS metrics, successful exploitation of this vulnerability could lead to some loss of confidentiality (C:L) but have no effect on integrity (I:N) or on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploited the vulnerability could view some sensitive information (Confidentiality) but not all resources within the impacted component may be divulged to the attacker. The attacker cannot make changes to disclosed information (Integrity) or limit access to the resource (Availability). Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21312 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 2,4 Temporal: 2,1 Vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21312 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21317
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
Weakness: CWE-532 : Insertion of Sensitive Information into Log File CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21317 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21317 | Yarden Shafir |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21323
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kernel Memory Information Disclosure Vulnerability
Weakness: CWE-532 : Insertion of Sensitive Information into Log File CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? Exploiting this vulnerability could allow the disclosure of certain memory address within kernel space. Knowing the exact location of kernel memory could be potentially leveraged by an attacker for other malicious activities. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21323 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21323 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21172
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET and Visual Studio Remote Code Execution Vulnerability
Weakness: CWE-190 CWE-122 : Integer Overflow or Wraparound Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment of the targeted component. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21172 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 8.0 installed on Linux | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 8.0 installed on Mac OS | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 8.0 installed on Windows | 5050525 (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
8.0.12 | Maybe | None |
| .NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| .NET 9.0 installed on Mac OS | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| .NET 9.0 installed on Windows | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
15.9.69 | Maybe | None |
| Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.11.43 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21172 | goodbyeselene |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21324
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Digital Media Elevation of Privilege Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:6,6/TemporalScore:5,8
Executive Summary: None FAQ: According to the CVSS metric, the Attack Vector is Physical (AV:P). What does that mean for this vulnerability? An attacker needs physical access to the target computer to plug in a malicious USB drive. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21324 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 6,6 Temporal: 5,8 Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21324 | Adel from MSRC V&M |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21331
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Installer Elevation of Privilege Vulnerability
Weakness: CWE-59 : Improper Link Resolution Before File Access ('Link Following') CVSS: CVSS:3.1 Highest BaseScore:7,3/TemporalScore:6,4
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Successful exploitation of this vulnerability by an attacker requires a user to first reboot their machine. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21331 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Elevation of Privilege | 5048710 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Elevation of Privilege | 5048695 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,3 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21331 | Simon Zuckerbraun of Trend Micro Zero Day Initiative |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21336
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Cryptographic Information Disclosure Vulnerability
Weakness: N/A CVSS: CVSS:3.1 Highest BaseScore:5,6/TemporalScore:4,9
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to carefully time their actions to exploit the timing differences in the execution of specific operations. They must accurately measure these timing variations to infer sensitive information or gain unauthorized access. This often involves sophisticated techniques to manipulate and observe the timing behavior of the target system. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? An attacker who successfully exploited this vulnerability could potentially execute a cross-VM attack, thereby compromising multiple virtual machines and expanding the impact of the attack beyond the initially targeted VM. What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is the contents of encrypted PKCS1 information. An attacker could read the contents of encrypted PKCS1 information from a user mode process. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21336 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Information Disclosure | 5048710 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Information Disclosure | 5048695 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,6 Temporal: 4,9 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21336 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21338
MITRE NVD Issuing CNA: Microsoft |
CVE Title: GDI+ Remote Code Execution Vulnerability
Weakness: CWE-190 : Integer Overflow or Wraparound CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. This means an attacker or victim needs to execute code from the local machine to exploit the vulnerability. According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability? Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges. Is the Preview Pane an attack vector for this vulnerability? No, the Preview Pane is not an attack vector. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    27/01/2025     Added an FAQ to indicate that the Preview Pane is not affected for this CVE. This is an informational change only. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21338 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Office for Android | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.18429.20000 | Maybe | None |
| Microsoft Office for iOS | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
2.93.24123014 | Maybe | None |
| Microsoft Office for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.93.25011212 | Yes | None |
| Microsoft Office for Universal | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.0.14326.22175 | Maybe | None |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.93.25011212 | Yes | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
16.93.25011212 | Yes | None |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21338 | Li Shuang and willJ with vulnerability research institute |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21339
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21339 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21339 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21340
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability
Weakness: CWE-284 : Improper Access Control CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21340 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21340 | Microsoft Offensive Research & Security Engineering |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21343
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Web Threat Defense User Service Information Disclosure Vulnerability
Weakness: CWE-269 : Improper Privilege Management CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is sensitive information. How could an attacker exploit this vulnerability? An attacker who successfully exploited this vulnerability could capture screenshots of another user’s session, crossing the user-session boundary. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21343 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21343 | Australian Signals Directorate Australian Signals Directorate |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
| CVE-2025-21361
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Outlook Remote Code Execution Vulnerability
Weakness: CWE-641 : Improper Restriction of Names for Files and Other Resources CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,1
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? The attacker would be able to bypass the protection in Outlook that prevents a potentially dangerous file extension from being attached enabling a remote code execution. Which version of Outlook for Mac does this affect? This vulnerability only affects the Legacy version of Outlook for Mac which is described in this documentation: Outlook for Mac. Customers who have enabled the new Outlook experience are not affected. According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Is the Attachment Preview Pane an attack vector for this vulnerability? Yes. The attachment Preview Pane that is accessed when a user clicks to preview an attached file is an attack vector; however, the email Preview Pane itself is not. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21361 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
| Microsoft Outlook for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21361 | Shubh Sidhu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21370
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Weakness: CWE-20 : Improper Input Validation CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges would an attacker gain by successfully exploiting this vulnerability? An attacker who successfully exploited this vulnerability could potentially leak data from the target enclave or execute code within the context of the target enclave. Are there any additional steps that I need to follow to be protected from this vulnerability? The changes to address this vulnerability updated Virtual Secure Mode components. The policy described in Guidance for blocking rollback of Virtualization-based Security (VBS) related security updates has been updated to account for the latest changes. If you deployed this policy, then you'll need to redeploy using the updated policy. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21370 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21370 | Alex Ionescu, working for Winsider Seminars & Solutions, Inc. |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21372
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Brokering File System Elevation of Privilege Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to win a race condition. According to the CVSS metric, successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability? In this case, a successful attack could be performed from a low privilege AppContainer. The attacker could elevate their privileges and execute code or access resources at a higher integrity level than that of the AppContainer execution environment. What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could potentially gain the ability to crash the system by exploiting the use-after-free vulnerability, even as a standard user. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21372 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21372 | hazard |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21374
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows CSC Service Information Disclosure Vulnerability
Weakness: CWE-125 : Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:5,5/TemporalScore:4,8
Executive Summary: None FAQ: What type of information could be disclosed by this vulnerability? The type of information that could be disclosed if an attacker successfully exploited this vulnerability is an out of bounds read in the caller's address space memory. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21374 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Information Disclosure | 5048703 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Information Disclosure | 5048652 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Information Disclosure | 5048685 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Information Disclosure | 5048699 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Information Disclosure | 5048735 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Information Disclosure | 5048671 | Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Information Disclosure | 5048661 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Information Disclosure | 5048654 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Information Disclosure | 5048653 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Information Disclosure | 5048667 |
Base: 5,5 Temporal: 4,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21374 | Mukyoung Kwak, Seongheun Hong, Jaeseok Bae, Inkyu Yang, Jiwon Jang, Seoyun Cho with Best of the Best 13th Team MSRC Gasan |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21378
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows CSC Service Elevation of Privilege Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21378 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Elevation of Privilege | 5048703 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Elevation of Privilege | 5048699 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Elevation of Privilege | 5048735 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Elevation of Privilege | 5048671 | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Elevation of Privilege | 5048661 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Elevation of Privilege | 5048654 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21378 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||
| CVE-2025-21402
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Office OneNote Remote Code Execution Vulnerability
Weakness: CWE-641 : Improper Restriction of Names for Files and Other Resources CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:7,1
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21402 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Office LTSC for Mac 2021 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
| Microsoft Office LTSC for Mac 2024 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.93.25011212 | Yes | None |
| Microsoft OneNote for Mac | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,8 Temporal: 7,1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RC:C |
16.92.24120731 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21402 | Shubh Sidhu |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21218
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Kerberos Denial of Service Vulnerability
Weakness: CWE-400 : Uncontrolled Resource Consumption CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An unauthenticated attacker could use a specially crafted application to leverage a protocol vulnerability in the Kerberos Key Distribution Center (KDC) Proxy Service to perform denial of service against the target. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 1.1    16/01/2025     Updated FAQ information. This is an informational change only. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21218 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Denial of Service | 5048699 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Denial of Service | 5048735 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Denial of Service | 5048671 | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Denial of Service | 5048661 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Denial of Service | 5048654 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21218 | k0shl with Kunlun Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21380
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Azure Marketplace SaaS Resources Information Disclosure Vulnerability
Weakness: CWE-284 : Improper Access Control CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,9
Executive Summary: Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Mitigations: None Workarounds: None Revision: 1.0    09/01/2025     Information published. |
Critical | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21380 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Marketplace SaaS | Critical | Information Disclosure | None | Base: 8,8 Temporal: 7,9 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C |
Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2025-21380 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21385
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Purview Information Disclosure Vulnerability
Weakness: CWE-918 : Server-Side Request Forgery (SSRF) CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Mitigations: None Workarounds: None Revision: 1.0    09/01/2025     Information published. |
Critical | Information Disclosure | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21385 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Purview | Critical | Information Disclosure | None | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2025-21385 | Tzah Pahima |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21313
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Security Account Manager (SAM) Denial of Service Vulnerability
Weakness: CWE-833 : Deadlock CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: How could an attacker exploit the vulnerability? An authenticated attacker could make specially crafted API calls that lead to a Denial of Service. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Denial of Service | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21313 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Denial of Service | 5048653 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Denial of Service | 5048667 |
Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21313 | Internal with Microsoft |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21332
MITRE NVD Issuing CNA: Microsoft |
CVE Title: MapUrlToZone Security Feature Bypass Vulnerability
Weakness: CWE-41 : Improper Resolution of Path Equivalence CVSS: CVSS:3.1 Highest BaseScore:4,3/TemporalScore:3,8
Executive Summary: None FAQ: The Security Updates table indicates that this vulnerability affects all supported versions of Microsoft Windows. Why are IE Cumulative updates listed for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2? While Microsoft has announced retirement of the Internet Explorer 11 application on certain platforms and the Microsoft Edge Legacy application is deprecated, the underlying MSHTML, EdgeHTML, and scripting platforms are still supported. The MSHTML platform is used by Internet Explorer mode in Microsoft Edge as well as other applications through WebBrowser control. The EdgeHTML platform is used by WebView and some UWP applications. The scripting platforms are used by MSHTML and EdgeHTML but can also be used by other legacy applications. Updates to address vulnerabilities in the MSHTML platform and scripting engine are included in the IE Cumulative Updates; EdgeHTML and Chakra changes are not applicable to those platforms. To stay fully protected, we recommend that customers who install Security Only updates install the IE Cumulative updates for this vulnerability. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Security Feature Bypass | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21332 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Security Feature Bypass | 5048703 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Security Feature Bypass | 5048652 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Security Feature Bypass | 5048685 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048710 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.0.6003.23070 1.007 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048695 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.1.7601.27520 1.003 |
Yes | None |
| Windows Server 2012 | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 (Server Core installation) | 5049994 (IE Cumulative) 5050004 (Monthly Rollup) |
Important | Security Feature Bypass | 5048699 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
1.003 6.2.9200.25273 |
Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) 5049994 (IE Cumulative) |
Important | Security Feature Bypass | 5048735 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
6.3.9600.22371 1.002 |
Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Security Feature Bypass | 5048671 | Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Security Feature Bypass | 5048661 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Security Feature Bypass | 5048654 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Security Feature Bypass | 5048653 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Security Feature Bypass | 5048667 |
Base: 4,3 Temporal: 3,8 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21332 | George Hughey with MSRC Vulnerabilities & Mitigations |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21326
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Internet Explorer Remote Code Execution Vulnerability
Weakness: CWE-843 : Access of Resource Using Incompatible Type ('Type Confusion') CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution? The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local and User Interaction is Required, this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and open a specially crafted file from a website which leads to a local attack on their computer. According to the CVSS metrics, successful exploitation of this vulnerability could lead to major loss of confidentiality (C:H), integrity (I:H), and availability (A:H). What does that mean for this vulnerability? An attacker who successfully exploited this vulnerability could gain high privileges, which include read, write, and delete functionality. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21326 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21326 | Quan Jin with DBAPPSecurity WeBin Lab |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21311
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows NTLM V1 Elevation of Privilege Vulnerability
Weakness: CWE-303 : Incorrect Implementation of Authentication Algorithm CVSS: CVSS:3.1 Highest BaseScore:9,8/TemporalScore:8,5
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the attack complexity is low (AC:L). What does that mean for this vulnerability? The attack vector is Network (AV:N) because this vulnerability is remotely exploitable and can be exploited from the internet. The attack complexity is Low (AC:L) because an attacker does not require significant prior knowledge of the system and can achieve repeatable success with the payload against the vulnerable component. Mitigations: Mitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigations might apply in your situation: Set the LmCompatabilityLvl to its maximum value (5) for all machines. This will prevent the usage of the older NTLMv1 protocol, while still allowing NTLMv2. Please see Network security: LAN Manager authentication level for more information. Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Critical | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21311 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Critical | Elevation of Privilege | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Critical | Elevation of Privilege | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Critical | Elevation of Privilege | 5048653 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Critical | Elevation of Privilege | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Critical | Elevation of Privilege | 5048667 |
Base: 9,8 Temporal: 8,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21311 | Dylan Bickerstaff with below average |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21333
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Does this vulnerability exist in the Hyper-V server? No, the Hyper-V NT Kernel Integration Virtual Service Provider (VSP) is a component used for communications between the host OS and container-type VMs, such as Windows Sandbox and Microsoft Defender Application Guard (MDAG). It is not in a traditional Hyper-V VM environment. Whereas traditional Hyper-V VMs have a strong boundary between the host and the guest for isolation purposes, container-type VMs like MDAG simulate that they are running on the host. The Hyper-V NT Kernel Integration VSP driver has functionality that enables this simulation. Microsoft strongly recommends updating to the latest version of Windows to be protected against this vulnerability. Is this a guest to host type of vulnerability? No, this is a local elevation of privilege, not any type of guest to host escape. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 1.1    15/01/2025     Added FAQ information. This is an informational change only. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21333 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21333 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21334
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability
Weakness: CWE-416 : Use After Free CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Does this vulnerability exist in the Hyper-V server? No, the Hyper-V NT Kernel Integration Virtual Service Provider (VSP) is a component used for communications between the host OS and container-type VMs, such as Windows Sandbox and Microsoft Defender Application Guard (MDAG). It is not in a traditional Hyper-V VM environment. Whereas traditional Hyper-V VMs have a strong boundary between the host and the guest for isolation purposes, container-type VMs like MDAG simulate that they are running on the host. The Hyper-V NT Kernel Integration VSP driver has functionality that enables this simulation. Microsoft strongly recommends updating to the latest version of Windows to be protected against this vulnerability. Is this a guest to host type of vulnerability? No, this is a local elevation of privilege, not any type of guest to host escape. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 1.1    15/01/2025     Added FAQ information. This is an informational change only. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Detected | No | Yes |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21334 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Elevation of Privilege | 5048653 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21334 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21325
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Weakness: CWE-732 : Incorrect Permission Assignment for Critical Resource CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What architecture(s) are impacted by this vulnerability? This vulnerability impacts ARM64 only. How could an attacker exploit this vulnerability and what privileges could an attacker gain? An authenticated attacker could escalate privileges to Secure Kernel by overwriting the page table data meant for the kernel. Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21325 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Elevation of Privilege | 5048652 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Elevation of Privilege | 5048685 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Elevation of Privilege | 5048667 |
Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | Important | Elevation of Privilege | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2025-21325 | Microsoft Offensive Research & Security Engineering |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0448
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0448 Inappropriate implementation in Compositing
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0448 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0448 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0447
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0447 Inappropriate implementation in Navigation
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0447 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0447 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0446
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0446 Inappropriate implementation in Extensions
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0446 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0446 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0443
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0443 Insufficient data validation in Extensions
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0443 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0443 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0441
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0441 Inappropriate implementation in Fenced Frames
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0441 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0441 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0439
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0439 Race in Frames
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0439 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0439 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0438
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0438 Stack buffer overflow in Tracing
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0438 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0438 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0436
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0436 Integer overflow in Skia
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0436 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0436 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||
| CVE-2025-21185
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Weakness: CWE-284 : Improper Access Control CVSS: CVSS:3.1 Highest BaseScore:6,5/TemporalScore:5,7
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploited this vulnerability could achieve elevation of privilege and gain the ability to read the API component. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? The user would have to click on a specially crafted URL to be compromised by the attacker. According to the CVSS metrics, successful exploitation of this vulnerability does not impact confidentiality (C:H), or integrity (I:N), but has a high impact on availability (A:N). What does that mean for this vulnerability? An attacker who successfully exploits this vulnerability cannot modify any sensitive user data or cause user data to become unavailable but can access sensitive user data. What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21185 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 6,5 Temporal: 5,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C |
132.0.2957.115 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21185 | asnine |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||||||||
| CVE-2025-21262
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Edge (Chromium-based) Spoofing Vulnerability
Weakness: CWE-451 : User Interface (UI) Misrepresentation of Critical Information CVSS: CVSS:3.1 Highest BaseScore:5,4/TemporalScore:4,7
Executive Summary: User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network FAQ: According to the CVSS metric, Confidentiality and Integrity are rated as Low and Availability is None (C:L, I:L, A:N). What does that mean for this vulnerability? An attacker is only able to comprise files that they were allowed access to as part of their initial privilege but cannot affect the availability of the browser. What is the version information for this release?
According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? An attacker must send the user a malicious file and convince them to open it. Mitigations: None Workarounds: None Revision: 1.0    24/01/2025     Information published. |
Low | Spoofing | ||||||||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21262 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Low | Spoofing | None | Base: 5,4 Temporal: 4,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C |
132.0.2957.127 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21262 | Sazzad Mahmud Tomal |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0612
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0611 Object corruption in V8
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    27/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0612 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.127 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0612 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0611
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0612 Out of bounds memory access in V8
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    27/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0611 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.127 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0611 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21246
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 CWE-125 : Heap-based Buffer Overflow Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a client to connect to a malicious server, and that could allow the attacker to gain code execution on the client. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21246 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21246 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21417
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21417 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21417 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21250
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21250 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21250 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21240
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21240 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21240 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21238
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21238 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21238 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21223
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21223 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21223 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21409
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21409 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21409 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21245
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Windows Telephony Service Remote Code Execution Vulnerability
Weakness: CWE-122 CWE-125 : Heap-based Buffer Overflow Out-of-bounds Read CVSS: CVSS:3.1 Highest BaseScore:8,8/TemporalScore:7,7
Executive Summary: None FAQ: How could an attacker exploit this vulnerability? An attacker could exploit this vulnerability by tricking a user into sending a request to a malicious server. This could result in the server returning malicious data that might cause arbitrary code execution on the user's system. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21245 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Windows 10 for 32-bit Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 for x64-based Systems | 5050013 (Security Update) | Important | Remote Code Execution | 5048703 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.10240.20890 | Yes | None |
| Windows 10 Version 1607 for 32-bit Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1607 for x64-based Systems | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows 10 Version 1809 for 32-bit Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 1809 for x64-based Systems | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows 10 Version 21H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 21H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19044.5371 |
Yes | None |
| Windows 10 Version 22H2 for 32-bit Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for ARM64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 10 Version 22H2 for x64-based Systems | 5049981 (Security Update) | Important | Remote Code Execution | 5048652 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.19045.5371 |
Yes | None |
| Windows 11 Version 22H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 22H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22621.4751 |
Yes | None |
| Windows 11 Version 23H2 for ARM64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 23H2 for x64-based Systems | 5050021 (Security Update) | Important | Remote Code Execution | 5048685 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.22631.4751 |
Yes | None |
| Windows 11 Version 24H2 for ARM64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows 11 Version 24H2 for x64-based Systems | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for 32-bit Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 for x64-based Systems Service Pack 2 (Server Core installation) | 5050063 (Monthly Rollup) 5050061 (Security Only) |
Important | Remote Code Execution | 5048710 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.0.6003.23070 |
Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) | 5050049 (Monthly Rollup) 5050006 (Security Only) |
Important | Remote Code Execution | 5048695 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.1.7601.27520 | Yes | None |
| Windows Server 2012 | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 (Server Core installation) | 5050004 (Monthly Rollup) | Important | Remote Code Execution | 5048699 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.2.9200.25273 | Yes | None |
| Windows Server 2012 R2 | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2012 R2 (Server Core installation) | 5050048 (Monthly Rollup) | Important | Remote Code Execution | 5048735 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
6.3.9600.22371 | Yes | None |
| Windows Server 2016 | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2016 (Server Core installation) | 5049993 (Security Update) | Important | Remote Code Execution | 5048671 | Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.14393.7699 | Yes | None |
| Windows Server 2019 | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2019 (Server Core installation) | 5050008 (Security Update) | Important | Remote Code Execution | 5048661 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.17763.6775 |
Yes | None |
| Windows Server 2022 | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022 (Server Core installation) | 5049983 (Security Update) | Important | Remote Code Execution | 5048654 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.20348.3091 |
Yes | None |
| Windows Server 2022, 23H2 Edition (Server Core installation) | 5049984 (Security Update) | Important | Remote Code Execution | 5048653 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.25398.1369 |
Yes | None |
| Windows Server 2025 | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| Windows Server 2025 (Server Core installation) | 5050009 (Security Update) | Important | Remote Code Execution | 5048667 |
Base: 8,8 Temporal: 7,7 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
10.0.26100.2894 |
Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21245 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21396
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Account Elevation of Privilege Vulnerability
Weakness: CWE-862 : Missing Authorization CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. FAQ: Why are there no links to an update or instructions with steps that must be taken to protect from this vulnerability? This vulnerability has already been fully mitigated by Microsoft. There is no action for users of this service to take. The purpose of this CVE is to provide further transparency. Please see Toward greater transparency: Unveiling Cloud Service CVEs for more information. Mitigations: None Workarounds: None Revision: 1.0    29/01/2025     Information published. |
Critical | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| N/A | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21396 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Account | Critical | Elevation of Privilege | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C |
Unknown | Unknown | None | |
| CVE ID | Acknowledgements |
| CVE-2025-21396 | M1n9K1n9 with APT250 |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21171
MITRE NVD Issuing CNA: Microsoft |
CVE Title: .NET Remote Code Execution Vulnerability
Weakness: CWE-122 : Heap-based Buffer Overflow CVSS: CVSS:3.1 Highest BaseScore:7,5/TemporalScore:6,5
Executive Summary: None FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution? This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they should be placed on the victim's system. According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do? Exploitation of this vulnerability requires that a user trigger the payload in the application. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 2.0    29/01/2025     Revised the Security Updates table to include PowerShell 7.5 installed on Windows, PowerShell 7.5 installed on Linux, and PowerShell 7.5 installed on MacOC because these versions of PowerShell 7 are affected by this vulnerability. See https://github.com/PowerShell/Announcements/issues/72 for more information. |
Important | Remote Code Execution | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21171 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| .NET 9.0 installed on Linux | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| .NET 9.0 installed on Mac OS | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| .NET 9.0 installed on Windows | 5050526 (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
9.0.1 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.10 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.10.10 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.12 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.12.4 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.6 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.6.22 | Maybe | None |
| Microsoft Visual Studio 2022 version 17.8 | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
17.8.17 | Maybe | None |
| PowerShell 7.5 installed on Linux | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
7.5.0 | Maybe | None |
| PowerShell 7.5 installed on MacOS | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
7.5.0 | Maybe | None |
| PowerShell 7.5 installed on Windows | Release Notes (Security Update) | Important | Remote Code Execution | None | Base: 7,5 Temporal: 6,5 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
7.5.0 | Maybe | None |
| CVE ID | Acknowledgements |
| CVE-2025-21171 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21360
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability
Weakness: CWE-269 : Improper Privilege Management CVSS: CVSS:3.1 Highest BaseScore:7,8/TemporalScore:6,8
Executive Summary: None FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability? An attacker who successfully exploits this vulnerability could elevate their privileges to perform commands as Root in the target environment. Mitigations: None Workarounds: None Revision: 1.0    14/01/2025     Information published. 1.1    30/01/2025     Updated one or more CVSS scores for the affected products. This is an informational change only. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21360 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft AutoUpdate for Mac | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,8 Temporal: 6,8 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
4.76 | Yes | None |
| CVE ID | Acknowledgements |
| CVE-2025-21360 | Anonymous |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||
| CVE-2025-0762
MITRE NVD Issuing CNA: Chrome |
CVE Title: Chromium: CVE-2025-0762 Use after free in DevTools
Weakness: N/A CVSS: None Executive Summary: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information. FAQ: Why is this Chrome CVE included in the Security Update Guide? The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable. How can I see the version of the browser?
What is the version information for this release?
Mitigations: None Workarounds: None Revision: 1.0    30/01/2025     Information published. |
Unknown | Unknown |
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Not Found | Not Found | Not Found |
The following tables list the affected software details for the vulnerability.
| CVE-2025-0762 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge (Chromium-based) | Release Notes (Security Update) | Unknown | Unknown | None | Base: N/A Temporal: N/A Vector: N/A |
132.0.2957.140 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-0762 | None |
| CVE ID | Vulnerability Description | Maximum Severity Rating | Vulnerability Impact | ||||||||||||||||||||||||||||||||||||
| CVE-2025-21399
MITRE NVD Issuing CNA: Microsoft |
CVE Title: Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability
Weakness: CWE-426 : Untrusted Search Path CVSS: CVSS:3.1 Highest BaseScore:7,4/TemporalScore:6,4
Executive Summary: None FAQ: According to the CVSS metric, Attack Vector is Local (AV:L). What does that mean for this vulnerability? An attacker would have to have local presence on the device through malware or a malicious application to be able to exploit this vulnerability. According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability? Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment. What privileges could be gained by an attacker who successfully exploited this vulnerability? An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Mitigations: None Workarounds: None Revision: 1.0    16/01/2025     Information published. |
Important | Elevation of Privilege | ||||||||||||||||||||||||||||||||||||
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
| Exploitability Assessment | Publicly Disclosed | Exploited |
| Exploitation Less Likely | No | No |
The following tables list the affected software details for the vulnerability.
| CVE-2025-21399 | ||||||||
| Product | KB Article | Severity | Impact | Supercedence | CVSS Score Set | Fixed Build | Restart Required | Known Issue |
| Microsoft Edge Update Setup | Release Notes (Security Update) | Important | Elevation of Privilege | None | Base: 7,4 Temporal: 6,4 Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C |
1.3.195.43 | No | None |
| CVE ID | Acknowledgements |
| CVE-2025-21399 | Simon (@sim0nsecurity) |